CVE-2014-2137

Cisco Web Security Appliance < 7.7 - CRLF Injection via Crafted URL

Title source: llm
STIX 2.1

Description

CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002.

References (2)

Core 2
Core References

Scores

EPSS 0.0095
EPSS Percentile 57.0%

Details

CWE
CWE-20
Status published
Products (9)
cisco/web_security_appliance
cisco/web_security_virtual_appliance 7.1.0
cisco/web_security_virtual_appliance 7.1.1
cisco/web_security_virtual_appliance 7.1.2
cisco/web_security_virtual_appliance 7.1.3
cisco/web_security_virtual_appliance 7.1.4
cisco/web_security_virtual_appliance 7.5.0
cisco/web_security_virtual_appliance 7.5.1
cisco/web_security_virtual_appliance < 7.7
Published Apr 02, 2014
Tracked Since Feb 18, 2026